Trouble running a proxy VPN

Pranesh Prakash pranesh at cis-india.org
Wed Jun 14 10:00:20 CEST 2017 

Dear all,
I'm running Ubuntu 16.04 on my laptop and a remote DigitalOcean server, 
and trying to set up a VPN proxy to send all my (for now IPv4) traffic 
through that server.

I can get a VPN tunnel up an working, but I can't get my web traffic to 
pass through it.  What am I doing wrong?

Here are my config files:
===
On the client:
~ cat /etc/wireguard/deneb.conf
[Interface]
Address = 10.10.10.2/32
PostUp = echo nameserver 10.10.10.1 | resolvconf -a tun.%i -m 0 -x
PostDown = resolvconf -d tun.%i
PrivateKey = [pvtkey-of-client]

[Peer]
PublicKey = [pubkey-of-server]
AllowedIPs = 0.0.0.0/0
Endpoint = 162.x.x.125:500
PersistentKeepalive = 25

On server:
sol at deneb:~⟫ cat /etc/wireguard/deneb.conf
[Interface]
Address = 10.10.10.1
PrivateKey = [pvtkey-of-server]
ListenPort = 500

[Peer]
PublicKey = [pubkey-of-client]
AllowedIPs = 10.10.10.2/24
===

On the client I do:
~ sudo wg-quick up deneb
[#] ip link add deneb type wireguard
[#] wg setconf deneb /dev/fd/63
[#] ip address add 10.10.10.2/32 dev deneb
[#] ip link set mtu 1420 dev deneb
[#] ip link set deneb up
[#] wg set deneb fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev deneb table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] echo nameserver 10.10.10.1 | resolvconf -a tun.deneb -m 0 -x

~ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.10.10.1
nameserver 127.0.1.1
search lan

~ ping -c2 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=263 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=287 ms

--- 10.10.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 263.302/275.567/287.833/12.276 ms

~ ping google.com
PING google.com (216.58.197.46) 56(84) bytes of data.
^C
--- google.com ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7000ms

~  sudo wg show deneb
interface: deneb
  public key: [pubkey-of-client]
  private key: (hidden)
  listening port: 40401
  fwmark: 0xca6c

peer: [pubkey-of-server]
  endpoint: 162.x.x.125:500
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 48 seconds ago
  transfer: 85.73 KiB received, 208.13 KiB sent
  persistent keepalive: every 25 seconds

On the server:
sol at deneb:~⟫ sudo wg show wg0
interface: wg0
   public key: [pubkey-of-server]
   private key: (hidden)
   listening port: 500

peer: [pubkey-of-client]
   endpoint: 123.x.x.4:40401
   allowed ips: 10.10.10.0/24
   latest handshake: 10 seconds ago
   transfer: 1.26 MiB received, 1.15 MiB sent

-- 
Pranesh Prakash
Policy Director, Centre for Internet and Society
http://cis-india.org | tel:+91 80 40926283
sip:pranesh at ostel.co | xmpp:pranesh at cis-india.org
https://twitter.com/pranesh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170614/4c14fcbe/attachment.asc>

More information about the WireGuard mailing list